User manual
31: Diagnostics
_______________________________________________________________________________________________________
31.8 Firewall diagnostics
The router's OS relies on netfilter for packet filtering, NAT and mangling. The
UCI firewall provides a configuration interface that abstracts the iptables
system into a simplified configuration model that suits most regular purposes,
while still allowing the user to supply their own iptables rules when needed.
The firewall configuration is its own package, located at /etc/config/firewall.
Below is an example of a firewall configuration.
    root@VA_router:~# uci export /etc/config/firewall
    package firewall

    config defaults
            option syn_flood '1'
            option input 'ACCEPT'
            option output 'ACCEPT'
            option forward 'ACCEPT'

    config zone
            option name 'lan'
            option network 'lan'
            option input 'ACCEPT'
            option forward 'ACCEPT'
            option output 'ACCEPT'
            option family 'any'
            option conntrack '0'

    config zone
            option name 'wan_interface'
            option network 'wan_interface'
            option masq '1'
            option mtu_fix '1'
            option forward 'ACCEPT'
            option output 'ACCEPT'
            option family 'any'
            option conntrack '0'
            option input 'ACCEPT'
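
The export above sets every policy to ACCEPT, including input on the masquerading zone. As an added example (not from the manual), the shell function below reads uci export output on stdin and prints the policies of each defaults and zone section, marking masquerading zones that accept input. The function names, the REVIEW marker and the reading of masq '1' as WAN-facing are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the manual. Summarises the policies found in
# `uci export` firewall output read from stdin, one line per section.
# REVIEW marks a zone with masq '1' whose input policy is ACCEPT; reading
# masq '1' as "WAN-facing" is an assumption of this example.
fw_policy_summary() {
    awk '
    function emit() {
        if (sect == "") return
        flag = (sect == "zone" && masq == "1" && inp == "ACCEPT") ? " REVIEW" : ""
        printf "%s %s input=%s forward=%s output=%s masq=%s%s\n", sect, name, inp, fwd, out, masq, flag
    }
    $1 == "config" {                  # a new section closes the previous one
        emit()
        sect = ($2 == "defaults" || $2 == "zone") ? $2 : ""
        name = "-"; inp = fwd = out = "unset"; masq = "0"
        next
    }
    $1 == "option" && sect != "" {
        v = $3; gsub("\047", "", v)   # strip the single quotes uci adds
        if      ($2 == "name")    name = v
        else if ($2 == "input")   inp  = v
        else if ($2 == "forward") fwd  = v
        else if ($2 == "output")  out  = v
        else if ($2 == "masq")    masq = v
    }
    END { emit() }
    '
}

# Constructed sample with the same shape as the export above.
sample_export() {
    cat <<'EOF'
config defaults
	option input 'ACCEPT'
	option forward 'ACCEPT'
	option output 'ACCEPT'
config zone
	option name 'lan'
	option input 'ACCEPT'
config zone
	option name 'wan_interface'
	option masq '1'
	option input 'ACCEPT'
EOF
}

# On the router: uci export /etc/config/firewall | fw_policy_summary
sample_export | fw_policy_summary
```

Options that a section does not set are reported as "unset" rather than guessed.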
_______________________________________________________________________________________________________
© Virtual Access 2015
GW1000 Series User Manual
Issue: 2.4 Page 240 of 255